Rest-ful Basic Authentication with ASP.NET MVC

滥情空心 2021-02-01 08:14

Anyone know how this works? I'm using the .net membership provider and just want to pull an xml list. I'm also using the .net mvc sdk.

4 answers
  •  Happy的楠姐
    2021-02-01 08:29

    Alright, so I figured it out, but the solution may be a bit ghetto. I took the AuthorizeAttribute from the .net mvc source and recoded the OnAuthorization method. This definitely works for me; however, it just works for Basic authentication and I'm not sure if this is the most secure method to use. However, it does solve the problem of web clients being able to access secure .net mvc rest services.

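    // Needs: using System; using System.Text; using System.Web; using System.Web.Mvc;
    public virtual void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        string auth = filterContext.HttpContext.Request.Headers["authorization"];

        if (!String.IsNullOrEmpty(auth))
        {
            // Expected form: "Basic " + Base64("user:pass"). A malformed header leaves
            // user null and is answered with 401; unguarded, FromBase64String and
            // Substring would throw on it.
            string user = null;
            string pass = null;
            if (auth.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
            {
                try
                {
                    byte[] encodedDataAsBytes = Convert.FromBase64String(auth.Substring(6).Trim());
                    string userpass = Encoding.ASCII.GetString(encodedDataAsBytes);
                    int sep = userpass.IndexOf(':'); // first colon separates user and password
                    if (sep >= 0)
                    {
                        user = userpass.Substring(0, sep);
                        pass = userpass.Substring(sep + 1);
                    }
                }
                catch (FormatException)
                {
                    // not valid Base64: fall through with user == null
                }
            }

            if (user == null || !System.Web.Security.Membership.Provider.ValidateUser(user, pass))
            {
                filterContext.Result = new HttpUnauthorizedResult();
            }
        }
        else
        {
            // No Authorization header: fall back to the stock AuthorizeAttribute behaviour.
            if (AuthorizeCore(filterContext.HttpContext))
            {
                HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
                cachePolicy.SetProxyMaxAge(new TimeSpan(0));
                cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
            }
            else
            {
                // auth failed, redirect to login page
                filterContext.Result = new HttpUnauthorizedResult();
            }
        }
    }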
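
A hardened variant of the filter in the answer above, as an added example that is not part of the original post or of the MVC source. It assumes ASP.NET MVC 2 or later (for `HandleUnauthorizedRequest`); the class name `BasicAuthorizeAttribute`, the helper `TryParseBasic` and the realm value `api` are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical attribute: subclasses AuthorizeAttribute instead of editing a copy of it,
// so the base class keeps its output-cache revalidation and Users/Roles checks.
public class BasicAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Basic credentials are only Base64-encoded, so accept them over TLS only.
        string user, pass;
        if (!httpContext.Request.IsSecureConnection
            || !TryParseBasic(httpContext.Request.Headers["Authorization"], out user, out pass)
            || !Membership.ValidateUser(user, pass))
            return false;
        // Expose the caller as User.Identity.Name; no roles are loaded in this sketch,
        // so a Roles="..." restriction on the attribute will always deny.
        httpContext.User = new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
        return base.AuthorizeCore(httpContext);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Send the challenge so clients know which scheme to retry with.
        filterContext.HttpContext.Response.AddHeader("WWW-Authenticate", "Basic realm=\"api\"");
        filterContext.Result = new HttpUnauthorizedResult();
    }

    // False for a missing header, another scheme, invalid Base64 or a missing ':'.
    internal static bool TryParseBasic(string header, out string user, out string pass)
    {
        user = pass = null;
        const string prefix = "Basic ";
        if (header == null || !header.StartsWith(prefix, StringComparison.OrdinalIgnoreCase)) return false;
        try
        {
            byte[] raw = Convert.FromBase64String(header.Substring(prefix.Length).Trim());
            string decoded = Encoding.UTF8.GetString(raw); // the answer's code decodes as ASCII
            int sep = decoded.IndexOf(':'); // split on the first colon: passwords may contain ':'
            if (sep < 0) return false;
            user = decoded.Substring(0, sep);
            pass = decoded.Substring(sep + 1);
            return true;
        }
        catch (FormatException) { return false; }
    }
}
```

Apply it as `[BasicAuthorize]` on a controller or action. If forms authentication is enabled for the site, its module rewrites the 401 into a login redirect, so non-browser clients will see a 302 instead of the challenge.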
    
